For the past 2 years it seems the world has been in limbo. Are we swiping are inserting? Finally, it feels we have clarity: we are inserting. The world is rapidly switching to use of “the chip.”
In the morning you swipe your car to buy some coffee or gas. That night a scammer is counterfeiting your card and running up charges in your name. This problem was common until October of 2015 when EMV pin pad technology became required throughout the US. Now the problem has been nearly eliminated entirely. Keep reading to learn how EMV became the standard and what it means for the future of payment security.
Before EMV
Magnet strips brought payment cards into the modern era. Thanks to this cheap and easy solution, just about any card could carry personal data and interface with payment terminals across the country. It’s thanks to magnetic stripping that few people carry cash and “swiping” has become synonymous with payment.
Magnet strips may be convenient, but the 60-year-old technology is also incredibly insecure. Each strip holds a personal user number that it transmits to payment terminals to authenticate a transaction. The problem is that this number is not kept secret and it never changes. Anyone with access to the terminal could steal the number, imprint it on another magnetic strip, then start drawing on your accounts with a card that looks just like yours.
Estimates of exactly how much money is stolen through payment card counterfeiting are hard to pinpoint. However, Visa reported that 69% of the fraud it recorded involved counterfeited cards, by far the largest single category of fraud.
Merchants and payment processors worked to add more security on the back-end, but over time so much financial information was compromised and released online that no solution could completely solve the problem. Rather than trying to reinforce an aging and inadequate solution, merchants across the world adopted an ironclad alternative – EMV technology.
After EMV
EMV stand for Europay, MasterCard, Visa – the three companies that pioneered the technology and security standards. It was first introduced in France in 1994 and quickly became the standard throughout Europe. Authorizing credit card payments over the phone was prohibitive in Europe due to international calling rates which is why they were quick to abandon magnetic strips. The outlook was different in the US.
Despite widespread credit card fraud, including a data breach at Target that affected 41 million customers, the cost of fraud was considered the cost of doing business. Updating the payment infrastructure in the US was seen as prohibitively expensive, at least until rates of fraud became unsustainable.
After a string of high-profile and widespread data breaches the industry agreed to make EMV pin pads the standard for point of sale systems starting in 2015. Merchants who did not provide EMV-compatible payment terminals were liable for any charges resulting from counterfeit cards. That liability shift created a powerful incentive to upgrade. More than 80% of all payment terminals in the US are now compliant, up from just 4% in 2012.
At some point in the past 3-4 years you have probably transitioned to an EMV card. They look essentially the same except for what appears to be a small microchip fixed to the front of the card. The technology inside that chip is relatively simply, but it has an important impact on merchant and consumer security.
Unlike magnetic strips, chips encrypt your personal payment number before sending it for payment processing. The encrypted number is used only once so that it can’t be stolen. This layer of security prevents thieves from linking banking information to an individual. Plus, it ensures that even if banking data is stolen it’s useless.
Research suggest the EMV rollout has had the intended effect. Counterfeit card fraud was down by 66% halfway through 2017 at merchants with EMV technology. The technology has also improved significantly so that payments process faster and work more intuitively. By all accounts EMV has been an important addition to payment security, but its impact is likely to be short-term.
Beyond EMV
EMV helps to solve counterfeit card fraud, but there are lots of other ways to steal and exploit personal financial information. Cyber thieves have proven to be as tenacious as they are dastardly. So when one new security measure goes into place they quickly find two new vulnerabilities to exploit.
EMV pin pads makes it much harder to commit fraud in person. In response, thieves have shifted their focus to scams that occur online where transactions are not subject to EMV safeguards. Without the technology to encrypt your payment information there are multiple ways for thieves to steal and exploit your data. This problem has become so large, in fact, that total fraud has actually gone up since the EMV rollout. Identify theft affected a record 15.4 million people in 2017, and online fraud rose by 43 percent. Considering that the total value of online commerce it expected to top 25 trillion by 2020, criminals have an obvious incentive to target this massive sector of the economy.
Fraud may be shifting online, but that doesn’t mean retailers are immune. One survey showed at 78% of consumersconsider data security to be “extremely important” when working with a company. Any retailer that can’t secure data and convince consumers it’s secure will struggle to build loyalty.
Almost as soon as EMV appeared, contactless payments came into vogue. Paying with a phone or through an app is convenient, but it also builds extra security into the payment process. More than $2 trillion will be exchanged through contactless payments by 2020, largely because it’s such an intuitive way to pay. It also helps that every EMV terminal is engineered to accept contactless payments, making it easy for retailers to expand payment options.
Over the short term we are likely to see contactless payments become the norm and for payment codes to replace payment cards. Biometric payments – using a fingerprint or eye scan – are possible down the road, but the future of payment security is on the back-end. Merchants, banks, payment processors, and card companies must work cooperatively to make all payments as simple as they are secure.
Focusing on the POS
If you are still operating without EMV-compliant terminals it’s time to seriously consider an upgrade. Even if you do have terminals in place, don’t get complacent about payment security. Focusing only on the threats of today makes you vulnerable to the threats of tomorrow. Intuit QuickBooks Point of Sale often offers promotions which include a free EMV pin pad to ensure their new POS clients are compliant from Day 1.
Your QuickBooks POS system is one of the best defenses you have. Quality solutions have sophisticated security measures in place to protect your interests and your customer’s data. Plus, they provide the kind of top-down perspective and centralized control you need to root out threats and vulnerabilities. When you’re ready to upgrade your QuickBooks POS, your data security, and your customer experience all at the same time, contact the team at Fourlane.